EQ提示拦截的~嘻嘻，H网的·

luxiao200888

avira kill

主动防御

原帖由 左手 于 2009-7-15 18:52 发表
还是不要了吧
我也是随便点的
等下你中毒
我岂不成了罪人~

没事儿，我开沙盘上去欣赏艺术

hddu

2009-07-15 19:42:05    创建文件      操作:阻止
进程路径:E:\A片电影播放器[1]\A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].exe
文件路径:C:\WINDOWS\system32\__tmp_rar_sfx_access_check_6207395
触发规则:所有程序规则->WINDOWS文件夹设置->%windir%\s*\*

2009-07-15 19:42:10    创建文件      操作:阻止并结束进程
进程路径:E:\A片电影播放器[1]\A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].exe
文件路径:C:\WINDOWS\system32\222111.exe
触发规则:所有程序规则->WINDOWS文件夹设置->%windir%\system*\*.exe

2009-07-15 19:42:10    创建文件      操作:阻止并结束进程
进程路径:E:\A片电影播放器[1]\A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].exe
文件路径:C:\WINDOWS\system32\222111.exe
触发规则:所有程序规则->WINDOWS文件夹设置->%windir%\system*\*.exe

allinwonderi

[ General information ]
    * Drops files in %WINSYS% folder.
    * Creating several executable files on hard-drive.
    * Applications uses MSVBVM60.DLL (Visual Basic 6).
    * Display message box (C:\WINDOWS\system32\066.exe) : The ordinal 666 could not be located in the dynamic link library MSVBVM60.DLL.
    * Display message box () : gL\x07\x9a\xcd\\xf6\xd1\x1f\x19\xef\xe5\x0b\xe1o\x97\xe3\xb7\xd6\xf4\x1a\xc6\x82\xe1o.
    * Display message box (066.EXE) : The ordinal 666 could not be located in the dynamic link library MSVBVM60.DLL.
    * File length:       361887 bytes.
    * MD5 hash: ba3b5fe79dcd6de603b816ebbc0360f4.

[ Changes to filesystem ]
    * Creates directory C:.
    * Creates directory C:\WINDOWS.
    * Creates directory C:\WINDOWS\system32.
    * Creates file C:\WINDOWS\system32\__tmp_rar_sfx_access_check_55378252.
    * Deletes file __tmp_rar_sfx_access_check_55378252.
    * Creates file C:\WINDOWS\system32\222111.exe.
    * Creates file C:\WINDOWS\system32\tubiao123.exe.
    * Creates file C:\WINDOWS\system32\066.exe.
    * Creates file C:\WINDOWS\system32\__tmp_rar_sfx_access_check_55379679.
    * Deletes file __tmp_rar_sfx_access_check_55379679.
    * Creates file C:\WINDOWS\system32\game.ico.
    * Creates file C:\WINDOWS\system32\tubiao.exe.
    * Creates file C:\WINDOWS\system32\StormBox.ico.
    * Creates directory C:\WINDOWS\Lb.
    * Creates file C:\WINDOWS\Lb\__tmp_rar_sfx_access_check_55380714.
    * Deletes file __tmp_rar_sfx_access_check_55380714.
    * Creates file C:\WINDOWS\Lb\\x0f8\x0f.url.
    * Creates file C:\WINDOWS\Lb\(\xbf5q.url.
    * Creates file C:\WINDOWS\system32\__tmp_rar_sfx_access_check_55381041.
    * Deletes file __tmp_rar_sfx_access_check_55381041.
    * Overwrites file game.ico.
    * Creates file C:\WINDOWS\Lb\__tmp_rar_sfx_access_check_55381512.
    * Deletes file __tmp_rar_sfx_access_check_55381512.
    * Creates file C:\WINDOWS\Lb\__tmp_rar_sfx_access_check_55382287.
    * Deletes file __tmp_rar_sfx_access_check_55382287.
    * Overwrites file \x0f8\x0f.url.
    * Overwrites file (\xbf5q.url.

[ Changes to registry ]
    * Accesses Registry key "HKCU\Software\WinRAR SFX".
    * Creates key "HKCU\Software\WinRAR SFX".
    * Sets value "C%%WINDOWS%system32"="C:\WINDOWS\system32" in key "HKCU\Software\WinRAR SFX".
    * Sets value "C%%WINDOWS"="C:\WINDOWS\system32" in key "HKCU\Software\WinRAR SFX".
    * Sets value "C%%WINDOWS%Lb"="C:\WINDOWS\Lb" in key "HKCU\Software\WinRAR SFX".

[ Process/window information ]
    * Creates a dialogbox with caption "WinRAR \xea\xe3\x8b\x87\xf6".
    * Buttons found in dialogbox: id102[278,173]"O\xc8(&W)..." id1[211,223]"\x89\xc5" id2[278,223]"\xd6\x88" .
    * Creates a window with name "".
    * Pressing button with id 1 "".
    * Attemps to NULL C:\WINDOWS\system32\tubiao123.exe NULL.
    * Creates process "tubiao123.exe".
    * Attemps to NULL C:\WINDOWS\system32\066.exe NULL.
    * Creates process "066.exe".
    * Attemps to NULL C:\WINDOWS\system32\222111.exe NULL.
    * Creates process "222111.exe".
    * Creates a COM object with CLSID {FCFB3D23-A0FA-1068-A738-08002B3371B5} : VBRuntime.
    * Creates a COM object with CLSID {E93AD7C1-C347-11D1-A3E2-00A0C90AEA82} : VBRuntime6.
    * Attemps to NULL C:\WINDOWS\system32\tubiao.exe NULL.
    * Creates process "tubiao.exe".
    * Button id 1 is changing text to "s\xed".
    * Pressing button with id 1 "s\xed".

[ Signature Scanning ]
    * C:\WINDOWS\system32\222111.exe (73728 bytes) : no signature detection.
    * C:\WINDOWS\system32\tubiao123.exe (209692 bytes) : no signature detection.
    * C:\WINDOWS\system32\066.exe (102400 bytes) : no signature detection.
    * C:\WINDOWS\system32\game.ico (13942 bytes) : no signature detection.
    * C:\WINDOWS\system32\tubiao.exe (105104 bytes) : no signature detection.
    * C:\WINDOWS\system32\StormBox.ico (111286 bytes) : no signature detection.
    * C:\WINDOWS\Lb\\x0f8\x0f.url (176 bytes) : no signature detection.
    * C:\WINDOWS\Lb\(\xbf5q.url (182 bytes) : no signature detection.




[ 本帖最后由 allinwonderi 于 2009-7-15 20:57 编辑 ]

schumi小粉

原帖由 左手 于 2009-7-15 18:53 发表
这个不懂
今天照小姐的提示
自己全部加到极限安防规则了
改了一些为询问的
嘻，自己用着爽·

大小姐的规则真的很不错，危险等级都标注了，实在是精细到了一定的程度了，只是那个对OP的活动一直在弹日志，开学习还一直弹，还是换回极限安防，清爽，智能。。。。。

清风皓月

被偶的NOD干掉

vicke

呵呵……

92link

D:\TDdownload\A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].rar>>A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].exe>>066.exe        Trojan.Wfxbkz.ubmn        木马        还未处理
D:\TDdownload\A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].rar>>A%E7%89%87%E7%94%B5%E5%BD%B1%E6%92%AD%E6%94%BE%E5%99%A8[1].exe>>222111.exe        Trojan.Generic.uaeu        木马        还未处理
     费尔！！！

xppara

卡巴有抓到病毒

失落的手链

瑞星2010
Trojan.Win32.Generic.11EAC007